Configuration Example Explanation
# Whether to enable OAuth2 login functionality. Options: true/false
Enable = true
# The name displayed for OAuth2 login method in the frontend
DisplayName = 'OAuth2 Login'
# Redirect URL after successful OAuth2 authentication. This URL should be the callback address of the Nightingale monitoring service
RedirectURL = 'http://n9e-server:port/callback/oauth'
# SSO service address
SsoAddr = 'https://<authing-tenant-name>.authing.cn/oauth2/authorize'
# SSO logout address, used to handle user logout requests
SsoLogoutAddr = 'https://<authing-tenant-name>.authing.cn/logout'
# SSO service address for obtaining tokens
TokenAddr = 'https://<authing-tenant-name>.authing.cn/oauth2/token'
# SSO service address for obtaining user information
UserInfoAddr = 'https://<authing-tenant-name>.authing.cn/userinfo'
# Method for passing tokens, usually 'header'
TranTokenMethod = 'header'
# SSO service App ID
ClientId = '66***********'
# SSO service App Secret
ClientSecret = 'ccc***********'
# Whether to override user attributes. Options: true/false
CoverAttributes = true
# Default roles for users in the Nightingale system. Options: Guest/Standard/Admin
DefaultRoles = ['Standard']
# Whether user information is an array
UserinfoIsArray = false
# Prefix for user information
UserinfoPrefix = 'data'
# Requested OAuth2 scopes
Scopes = ['profile', 'email', 'phone']
# Mapping of OAuth2 user attributes to Nightingale user attributes
[Attributes]
# Mapping for username field
Username = 'sub'
# Mapping for nickname field
Nickname = 'nickname'
# Mapping for phone field
Phone = 'phone_number'
# Mapping for email field
Email = 'email'
TranTokenMethod Parameter Description
The TranTokenMethod configuration sets the method for sending the Token when retrieving information from the getUserInfo interface. You can check the requirements for passing the Token to the getUserInfo interface during configuration. Below are the configuration parameters based on different scenarios.
- If the interface requires a GET request and the Token is passed in the header, set TranTokenMethod to header;
- If the interface requires a GET request and the Token is passed in the URL, set TranTokenMethod to querystring;
- If the interface requires a POST request, set TranTokenMethod to formdata;
User Attribute Mapping
When integrating, you can filter the keyword oauth2 in DEBUG logs for analysis. As shown in the image below, we can see the relevant data obtained through the getUserInfo interface.
We can fill in the user information obtained from the interface in the configuration, corresponding to the platform fields, to achieve user information mapping.
As shown in the image above, map the obtained name —> Username; nickname —> Nickname; phone_number —> Phone; email —> Email;
Explanation of UserinfoPrefix Parameter
The UserinfoPrefix parameter is used to specify the prefix for properties in the returned user information JSON.
If the API returns the following user information structure, you need to set UserinfoPrefix to data.
{
"data": {
"username": "john_doe",
"email": "john@example.com"
}
}
If you are unsure about the structure of the returned data, you can analyze it through the platform’s DEBUG logs.
Basic Configuration Description
Below is a description of the Authing OAuth2 configuration:
The default RedirectURL is http://n9e-server:port/callback/oauth
| Nightingale Configuration | OIDC Configuration |
|---|---|
| SsoAddr | Authentication Endpoint |
| SsoLogoutAddr | Logout Endpoint |
| TokenAddr | Token Endpoint |
| UserInfoAddr | User Information Endpoint |
| ClientId | App ID |
| ClientSecret | App Secret |
Account Login
Account Logout
Similar to OIDC, currently, the Nightingale server OAuth2 account cannot directly log out. To log out, you need to first log out from the OAuth2 server, and then return to the Nightingale service page to choose to log out.
